gnu: mercurial: Update to 6.7.2.

* gnu/packages/version-control.scm (mercurial): Update to 6.7.2. [source]<origin>(patches): Remove mercurial-openssl-compat.patch. * gnu/packages/patches/mercurial-hg-extension-path.patch: adapt for mercurial 6.7.2. * gnu/packages/patches/mercurial-openssl-compat.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Unregister it. Change-Id: I1e22d7f38e264576bfa3adef7004fef582a1137e Signed-off-by: Greg Hogan <code@greghogan.com>
2025-10-02 02:15:12 +00:00 · 2024-04-13 14:58:08 +02:00 · 2024-04-13 14:58:08 +02:00 · 78f8266056
commit 78f8266056
parent 519fc51b6e
4 changed files with 6 additions and 105 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -1846,7 +1846,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/mecab-variable-param.patch		\
  %D%/packages/patches/memtest86+-build-reproducibly.patch	\
  %D%/packages/patches/mercurial-hg-extension-path.patch	\
-  %D%/packages/patches/mercurial-openssl-compat.patch		\
  %D%/packages/patches/mhash-keygen-test-segfault.patch		\
  %D%/packages/patches/mia-fix-boost-headers.patch		\
  %D%/packages/patches/mia-vtk9.patch				\
--- a/gnu/packages/patches/mercurial-hg-extension-path.patch
+++ b/gnu/packages/patches/mercurial-hg-extension-path.patch
@ -7,15 +7,7 @@ will get this into Mercurial proper.
 diff --git a/mercurial/extensions.py b/mercurial/extensions.py
 --- a/mercurial/extensions.py
 +++ b/mercurial/extensions.py
-@@ -13,6 +13,7 @@
- import imp
- import inspect
- import os
-+import sys
- 
- from .i18n import (
-     _,
-@@ -108,6 +109,11 @@
+@@ -103,6 +103,11 @@
 
 def _importh(name):
     """import and return the <name> module"""
@ -24,6 +16,6 @@ diff --git a/mercurial/extensions.py b/mercurial/extensions.py
 +    if extension_path is not None:
 +        for path in extension_path:
 +            sys.path.append(path)
-     mod = __import__(pycompat.sysstr(name))
-     components = name.split(b'.')
+     mod = __import__(name)
+     components = name.split('.')
     for comp in components[1:]:
--- a/gnu/packages/patches/mercurial-openssl-compat.patch
+++ b/gnu/packages/patches/mercurial-openssl-compat.patch
@ -1,89 +0,0 @@
-Tweak cipher selection to make TLS < 1.2 work with OpenSSL 3.
-
-Taken from Debian:
-
-  https://salsa.debian.org/python-team/packages/mercurial/-/blob/debian/master/debian/patches/openssl_3_cipher_tlsv1.patch
-
--- a/mercurial/sslutil.py
-+++ b/mercurial/sslutil.py
-@@ -117,17 +117,17 @@ def _hostsettings(ui, hostname):
-     ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers)
- 
-     # If --insecure is used, we allow the use of TLS 1.0 despite config options.
-     # We always print a "connection security to %s is disabled..." message when
-     # --insecure is used. So no need to print anything more here.
-     if ui.insecureconnections:
-         minimumprotocol = b'tls1.0'
-         if not ciphers:
-            ciphers = b'DEFAULT'
-+            ciphers = b'DEFAULT:@SECLEVEL=0'
- 
-     s[b'minimumprotocol'] = minimumprotocol
-     s[b'ciphers'] = ciphers
- 
-     # Look for fingerprints in [hostsecurity] section. Value is a list
-     # of <alg>:<fingerprint> strings.
-     fingerprints = ui.configlist(
-         b'hostsecurity', b'%s:fingerprints' % bhostname
-@@ -621,17 +621,17 @@ def wrapserversocket(
- 
-     # Improve forward secrecy.
-     sslcontext.options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0)
-     sslcontext.options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0)
- 
-     # In tests, allow insecure ciphers
-     # Otherwise, use the list of more secure ciphers if found in the ssl module.
-     if exactprotocol:
-        sslcontext.set_ciphers('DEFAULT')
-+        sslcontext.set_ciphers('DEFAULT:@SECLEVEL=0')
-     elif util.safehasattr(ssl, b'_RESTRICTED_SERVER_CIPHERS'):
-         sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0)
-         # pytype: disable=module-attr
-         sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS)
-         # pytype: enable=module-attr
- 
-     if requireclientcert:
-         sslcontext.verify_mode = ssl.CERT_REQUIRED
--- a/tests/test-https.t
-+++ b/tests/test-https.t
-@@ -356,19 +356,19 @@ Start servers running supported TLS vers
-   $ cat ../hg1.pid >> $DAEMON_PIDS
-   $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
-   > --config devel.serverexactprotocol=tls1.2
-   $ cat ../hg2.pid >> $DAEMON_PIDS
-   $ cd ..
- 
- Clients talking same TLS versions work
- 
-  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT/
-+  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config hostsecurity.ciphers=DEFAULT:@SECLEVEL=0 id https://localhost:$HGPORT/
-   5fed3813f7f5
-  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT1/
-+  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config hostsecurity.ciphers=DEFAULT:@SECLEVEL=0 id https://localhost:$HGPORT1/
-   5fed3813f7f5
-   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
-   5fed3813f7f5
- 
- Clients requiring newer TLS version than what server supports fail
- 
-   $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
-   (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
-@@ -400,17 +400,17 @@ Clients requiring newer TLS version than
- 
-   $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/
-   warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
-   5fed3813f7f5
- 
- The per-host config option overrides the default
- 
-   $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
-  > --config hostsecurity.ciphers=DEFAULT \
-+  > --config hostsecurity.ciphers=DEFAULT:@SECLEVEL=0 \
-   > --config hostsecurity.minimumprotocol=tls1.2 \
-   > --config hostsecurity.localhost:minimumprotocol=tls1.0
-   5fed3813f7f5
- 
- The per-host config option by itself works
- 
-   $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
-   > --config hostsecurity.localhost:minimumprotocol=tls1.2
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@ -2596,16 +2596,15 @@ execution of any hook written in any language before every commit.")
 (define-public mercurial
  (package
    (name "mercurial")
-    (version "6.2.2")
+    (version "6.7.2")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://www.mercurial-scm.org/"
                                 "release/mercurial-" version ".tar.gz"))
-             (patches (search-patches "mercurial-hg-extension-path.patch"
-                                      "mercurial-openssl-compat.patch"))
+             (patches (search-patches "mercurial-hg-extension-path.patch"))
             (sha256
              (base32
-               "1pr00hdk3l9095fhq6302fgj0wmbqhqs93y4r457ba4pyjjrvyly"))
+               "01nqvp3cvidlz9z5vm05vpq81r6x10jwwfcaz0gw9anz0l60f8hw"))
             (modules '((guix build utils)))
             (snippet
              '(substitute* (find-files "tests" "\\.(t|sh)$")